Kanv Pandit highlights the need for a ‘metacode of conduct’ to protect metaverse users from loss and fraud until regulation catches up.
The metaverse is opening a new frontier of opportunities in the digital economy. In Singapore, we have a bank that is looking for ways to bring banking services to the metaverse; a hospitality group opening a hotel in Decentraland and inviting virtual avatars; and a graduate school that is planning to go virtual with a metaverse campus.
Some of us might be drawn to the idea of visiting a futuristic world, where we can experience a new type of reality. But the metaverse is no longer science fiction – as it integrates into the modern world, there have been rising concerns about the threats that it could pose, both to individual consumers and businesses.
To be truly viable as a place to live and do business, the metaverse will need real-world controls to protect users from abuse, fraud and loss. Regulation takes time and is difficult to apply globally. But the builders of the metaverse can take proactive steps to create their own “metacode” of conduct and ensure the safety of its users.
Transactional risks in the metaverse
It takes time for regulation to catch up with technological innovation, which means that currently, there is a lack of supervision over the metaverse. This is concerning on several fronts.
First, the currencies we exchange in virtual worlds are not real money in the traditional sense: they are either cryptocurrencies or in-game currencies like Fortnite V-Bucks. There may be accounts or wallets to store these assets in, but there is no government-backed protection from loss or fraud.
Second, the value of what we buy and sell in the metaverse is less tangible than in the real world. A non-fungible token (NFT) or piece of virtual real estate may appear to have a value, but this is not necessarily the case, nor is there a right to refund or other forms of consumer protection.
Then there are more traditional risks like fraud. We don’t yet know all the ways that cybercriminals could exploit the metaverse. But whether through hacking or identity theft, we do know that virtual worlds are not safe from real-world security problems.
Crucially, the significant risks to mental health need to be highlighted. If the metaverse looks and feels like the real world but is unencumbered by criminal law, and with experiences that are more extreme, there are major risks around trauma and negative mental health impacts.
The question is: can we mitigate any of these risks with regulation?
Regulatory possibilities and practicalities
There are over 160 companies operating in the metaverse, with many more likely to follow. In theory, any of these individual operators could exist indefinitely outside of a regulatory framework. Unless regulation of the metaverse is global in its reach, there may be little to stop an offshore-based investment vehicle running its own corner of the metaverse and people accessing it from other virtual worlds. As one Singaporean Minister said, given the borderless nature of Metaverse, “international coordination of regulatory approaches” will be crucial.
The more likely outcome is that some virtual worlds will be regulated, perhaps subject to key rules on privacy or the transferability of assets, and others not. In the latter, the chances of both fraud and profit could be equally high.
To make any financial regulation viable in the metaverse, there need to be strong links between virtual and real-life personas, and adherence to many of the same principles that make the real financial world safe. Know your customer (KYC) requirements, tax laws, risk management methodologies and so on will all have their place in virtual reality as it evolves.
The more real the metaverse becomes, the more need it will have for regulation. Asset classes that develop in the metaverse could eventually attract value in the same way as in the physical world and therefore require the same kind of supervisory and governance frameworks.
Three steps to a metacode of conduct
However, regulations can take years to develop. In the meantime, there needs to be a set of principles for businesses engaging in the metaverse to follow. Driving change from the inside could give the metaverse and its participants the freedom they need to provide fun, exciting and innovative experiences, both within the bounds of social acceptability and with less risks to users.
In purely commercial terms, this would attract advertisers and investors by providing a transparent risk framework with strong ESG alignment and less reputational risk.
Developing these principles will take co-operation, and likely trial and error, but could include:
- Set standards. The most reputable players in the metaverse could join forces to form an independent industry body and draw up their own robust codes of conduct.
Overseen within firms by a ‘Metarules Compliance Officer’, the metaverse will have 4 must-haves: i) KYC requirements that make metaverse users verify their real-world identity, including a robust process for registering minors to minimise abusive actors; ii) safe spaces for mental well-being and AI tools to monitor addiction and PTSD; iii) the ability to opt into – and frequently confirm you’re comfortable with – levels of content; and iv) maintaining a cross industry database of bad actors and their real-world identities.
- Drive financial best practice. There should be well-defined processes to manage the financial risks of the metaverse. For example, exchange fees should be published when independent stablecoins are transferred into or out of metawallets, and real-world collateral posted for significant loans or trades. It would also make sense to outsource ID verification processes to a reputable third party and provide insurance against personal loss or even third-party injury.
The technologies that underpin the real financial world will be key to supporting these processes in the metaverse, as well as providing functionality for embedded finance, securitisation, wealth generation and taxation. To offer these capabilities, regulated environments will therefore need the right plug-ins, APIs and user experience flows.
- Give consumers a clear choice. The industry body could come up with a quality stamp that shows the virtual worlds that are self-regulating, adhere to the prescribed standards and are therefore safe places to visit.
Then it would be up to metaverse users to decide whether to stick to approved areas or take their chances in clearly unregulated environments. Virtual worlds with no real-world corporate presence would also make any regulatory standards hard to apply. Most importantly, individuals, parents or guardians should be aware of which safeguards exist and what could happen if they are absent.
As with external controls, the key to self-regulation will be to improve transparency, credibility and accountability, supported by best-practice processes. Almost certainly, crises will occur and we will all learn from them. How we respond collectively, across governments, businesses and consumers, will shape the metaverse of the future to be a place that is complementary to, and augments our real lives.
By Kanv Pandit, Group Managing Director, APAC, Banking Solutions at FIS